Application: PHP Classifieds
Affected Version: version 7.3 and other versions.
Vendor’s URL: PHP Classifieds
Bug Type: Cross Site Scripting and File Upload
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Cross Site Scripting, File Inclusion
Application: Drupal
Affected Version: version 5.x-1.3 and other versions.
Vendor’s URL: Drupal Tasklist Module
Bug Type: Cross Site Scripting and SQL Injection
Risk Level: Medium
Solution:
Update to version 5.x-1.3.
Content Management, SQL Injection
Application: Drupal
Affected Version: prior to 6.x-2.2.
Vendor’s URL: Drupal Content Construction Kit
Bug Type: Cross Site Scripting
Risk Level: Medium
Solution:
Update to CCK 6.x-2.2.
Content Management, Cross Site Scripting
Application: WordPress
Affected Version: version 2.1
Vendor’s URL: WordPress fMoblog Plugin
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Content Management, SQL Injection
Application: PHP Pro Bid
Affected Version: version 6.05
Vendor’s URL: PHP Pro Bid
Bug Type: File Inclusion
Risk Level: Critical
Solution:
The vulnerability has been fixed in an updated version 6.05.
File Inclusion
Application: Drupal
Affected Version: prior to 5.x-1.19
Vendor’s URL: Drupal Forward Module
Bug Type: Security Bypass
Risk Level: Medium
Solution:
Update to version 5.x-1.19.
Access Bypass, Content Management
Application: OpenPHPnuke
Affected Version: prior to 2.4.16
Vendor’s URL: OpenPHPnuke
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Update to version 2.4.16.
Content Management, SQL Injection
Application: Joomla
Affected Version:
Vendor’s URL: DigiStore Component
Bug Type: SQL Injection
Risk Level: Critical
Solution:
Edit the source code to ensure that input is properly sanitised.
Content Management, SQL Injection
Application: Drupal
Affected Version: version 5.x-1.3 and other versions.
Vendor’s URL: Protected Node Module
Bug Type: Cross Site Scripting
Risk Level: Medium
Solution:
Update to version 5.x-1.4 or later.
Content Management, Cross Site Scripting
Application: Coppermine
Affected Version: versions 1.4.20 and 1.4.21, and other versions.
Vendor’s URL: Coppermine Photo Gallery
Bug Type: Cross Site Scripting
Risk Level: Medium
Solution:
Update to version 1.4.21, which protects from exploitation via bbcode tags. Do not visit untrusted web sites while logged on to the application.
Cross Site Scripting, Image Galleries
Application: Drupal
Affected Version: version 5.x-1.1 and other versions.
Vendor’s URL: Taxonomy Theme Module
Bug Type: Cross Site Scripting
Risk Level: Medium
Solution:
Update to version 5.x-1.2.
Content Management, Cross Site Scripting
Application: Drupal
Affected Version: version 5.x-1.5 and other versions.
Vendor’s URL: Viewfield Module
Bug Type: Cross Site Scripting
Risk Level: Medium
Solution:
Edit the source code to ensure that input is properly sanitised.
Content Management, Cross Site Scripting
Application: Drupal
Affected Version: prior to 5.16 and 6.x prior to 6.10.
Vendor’s URL: Drupal Theme Engine
Bug Type: Local File Inclusion
Risk Level: Critical
Solution:
Update to a fixed version or apply patches.
– Drupal 5.x –
Update to version 5.16:
http://ftp.drupal.org/files/projects/drupal-5.16.tar.gz
Patch for version 5.15:
http://drupal.org/files/sa-core-2009-003/SA-CORE-2009-003-6.9.patch
– Drupal 6.x –
Update to version 6.10:
http://ftp.drupal.org/files/projects/drupal-6.10.tar.gz
Patch for version 6.9:
http://drupal.org/files/sa-core-2009-003/SA-CORE-2009-003-6.9.patch
Content Management, File Inclusion